Bromium Secure Platform 4.x Security Technical Implementation Guide


Overview

Date: 2018-05-11
Finding Count (28): CAT I (High): 3, CAT II (Med): 16, CAT III (Low): 9

STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-80437 High The Bromium vSentry client must automatically terminate a micro-virtual machine (VM) when any malicious activities are detected within the micro-VM.
V-80435 High The Bromium Enterprise Controller (BEC) must remove all local Bromium accounts after setup is complete and use the account recovery procedures to recover the local account if network access using the Bromium Account of Last Resort is required.
V-80479 High The Bromium Enterprise Controller (BEC) must forward an event to the central log server when isolation is disabled on any protected Bromium vSentry client.
V-80461 Medium The Bromium vSentry client must prohibit user installation of software except for clients that are explicitly approved by the ISSM or other authorizing official.
V-80449 Medium The Bromium Enterprise Controller (BEC) must send log records to a central log server (i.e., syslog server).
V-80467 Medium The Bromium vSentry client must include exceptions for HBSS to ensure interoperability and protect from attacks on critical files, applications, processes, registry settings, and attempts at executing unauthorized code in memory.
V-80443 Medium The Bromium Enterprise Controller (BEC) must change the password for the Account of Last Resort when an individual with knowledge of the password leaves the group.
V-80441 Medium The Bromium Enterprise Controller (BEC) must be configured to immediately disconnect or disable remote access to the BEC.
V-80429 Medium The Bromium Enterprise Controller (BEC) must generate a log record that can be sent to the central log server, which will alert the system administrator (SA) and Information System Security Officer (ISSO), at a minimum, when a Bromium vSentry client has not connected to the BEC for logging or policy update purposes for an organization-defined time period.
V-80425 Medium The Bromium Enterprise Controller (BEC) lockout_delay_base in the settings.json file must be set to a minimum of 10 and the lockout_delay_scale must be set to 1 at a minimum.
V-80423 Medium The Bromium Enterprise Controller (BEC) must set the number of concurrent sessions to 1.
V-80463 Medium The Bromium Enterprise Controller (BEC) Update Interval must be set to a maximum of one hour.
V-80455 Medium The Bromium Enterprise Controller (BEC) must generate a log record that can be sent to the central log server, which will alert the system administrator (SA) and Information System Security Officer (ISSO), at a minimum, when it is unable to connect to the SQL database.
V-80451 Medium The Bromium Enterprise Controller (BEC) must send history.log records to a central log server (i.e., syslog server).
V-80453 Medium The Bromium Enterprise Controller (BEC) must manage log record storage capacity so history.log does not exceed physical drive space capacity allocated by the database administrator (DBA) and system administrator.
V-80439 Medium The Bromium vSentry client must automatically capture and forward payloads (Malware Manifest) that were downloaded and determined to be malicious to the management console.
V-80469 Medium The Bromium Enterprise Controller (BEC) must have the base policy Logging Level set to Debug.
V-80433 Medium The Bromium Enterprise Controller (BEC) must protect BEC Web console from unauthorized modification.
V-80431 Medium The Bromium Enterprise Controller (BEC) must protect the BEC Web Console from unauthorized access.
V-80465 Low If the Host Based Security System (HBSS) is not installed to monitor the Bromium Enterprise Controller (BEC) application, processes, and registry settings, the Bromium Protection agent must be installed on the BEC server.
V-80447 Low The Bromium Enterprise Controller (BEC) must be configured to permit only authorized users to remotely view, in real time (within seconds of event occurring), all content related to an established Bromium vSentry client session.
V-80445 Low The Bromium Enterprise Controller (BEC) must be configured so that organization-identified administrator roles have permission to change, based on selectable criteria, the types of Bromium vSentry client events that are captured in the events log and stored in the SQL database with immediate effect.
V-80427 Low The Bromium Enterprise Controller (BEC) must be configured for authorized system administrators to capture and log content related to a Bromium vSentry client.
V-80483 Low The Bromium Enterprise Controller (BEC) must have Threat Intelligence lookup disabled.
V-80481 Low The Bromium Enterprise Controller (BEC) must be configured to allow authorized administrators to create organization-defined custom rules to support mission and business requirements.
V-80471 Low The Bromium monitoring module installed on the Bromium Enterprise Controller (BEC) or Bromium vSentry must generate an event and forward to the central log server when anomalies in the operation of security functions of the BEC or Bromium vSentry application are discovered.
V-80459 Low The Bromium Enterprise Controller (BEC) must be configured to provide report generation that supports after-the-fact investigations of security incidents.
V-80457 Low The Bromium Enterprise Controller (BEC) must be configured to provide report generation that supports on-demand reporting requirements for threat events.